About This Guide


Novell® BorderManager® 3.9 includes premier firewall and VPN technologies that safeguard your 
network and help you build a secure identity management solution. With the powerful directory- 
integrated features in Novell BorderManager, you can monitor users’ Internet activities and control 
their remote access to corporate resources. 


This documentation presents an introduction to installing and managing Novell BorderManager 3.9. 
The audience for this documentation is experienced network administrators. 


It includes the following sections: 


* Chapter 1, “Installation Requirements”
* Chapter 2, “Installing Novell BorderManager 3.9”
* Chapter 3, “Upgrading From Earlier Versions”


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 

For the most recent version of the Novell BorderManager 3.9 Installation Guide, visit the Novell
Documentation Site (http://www.novell.com/documentation/nbm39/index.html).

Additional Documentation 


This Installation Guide is part of the documentation set for Novell BorderManager 3.9. The other
documents include:


* Novell BorderManager 3.9 Proxy and Firewall Overview and Planning Guide 

* Novell BorderManager 3.9 Administration Guide 

* Novell BorderManager 3.9 Virtual Private Network Client Installation Guide 

* Novell BorderManager 3.9 Troubleshooting Guide 

* Novell BorderManager 3.9 Virtual Private Network Deployment Frequently Asked Questions 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
in a cross-reference path. 


Also, a trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third- 
party trademark. 



When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as Linux or UNIX, should use forward slashes as required by your software. 
Installation Requirements


Novell® BorderManager® provides Internet access control and supports numerous content-filtering 
solutions. These features protect your network from undesirable Internet content, including 
programs that destroy or steal data, games that waste users’ time, and Web pages that expose your 
company to legal liability. 


Novell BorderManager includes firewall and VPN technologies that protect networks and resources, 
while ensuring end-user productivity. This section provides the system requirements and the 
preparations that you need to make before you install Novell BorderManager 3.9.

* Section 1.1, “System Requirements”
* Section 1.2, “End User License Agreement”
* Section 1.3, “Documenting Your Environment”


1.1 System Requirements 


Novell BorderManager 3.9 can be installed on a NetWare or Open Enterprise Server (OES) server
and is administered using Novell iManager 2.6.


NOTE: Using NetWare Administrator for configuring Novell BorderManager Proxy is not
supported. The BorderManager Proxy is administered using iManager with this release.





1.1.1 Server Hardware 


* Intel* Pentium* II or higher processor.
* Minimum of 1 GB of RAM above operating software requirements.
* Minimum of 300 MB of disk space, with an additional 40 MB available during installation
  (Novell BorderManager needs approximately 150 MB, and NMAS™ needs an additional 40
  MB).
* CD drive that can read ISO 9660 formatted disks.
* Super VGA or higher resolution display adapter.
* One or more network interfaces.
* PS/2 or serial mouse.
* DOS partition with at least 250 MB.
* 4 GB sys: volume recommended.
* Minimum 2 GB of free drive space for the creation of a dedicated cache volume if you want to
  use Novell BorderManager 3.9 as a proxy server.


1.1.2 Server Software 


The following prerequisites must be installed in this order: 


* NetWare 6.5 SP 6 or later or OES SP 3 operating system.
* The installation server and all servers holding a copy of the partition where the Novell
  BorderManager 3.9 server object resides should have Novell eDirectory™ 8.7.3 or later. Novell
  BorderManager 3.9 must be installed on a NetWare server that holds an eDirectory read/write
  replica of the partition containing that server's object.
* NICI 2.6
* Netnlm32.nlm version 6.00.06 dated September 25, 2006


Special Requirements for VPN:

* TCP/IP secure version. Copy bsdsock, tcp, and tcpip files from:
  * vpn\tcpd directory of CD to the System folder of NetWare 6.5 SP 6.
  * sys:\system\tcpip\tcpd to the system folder for NW 6.5 SP 7 or later.


1.2 End User License Agreement 


Before installing Novell BorderManager 3.9, you need to read the End User License Agreement
(EULA). The EULA is in the relevant language directory at the root of the product directory >
\EULA.


1.3 Documenting Your Environment 


There are a number of items that you might need to note before installing Novell BorderManager
3.9.

* Location of license diskettes or path to the license file
* Public and private interfaces and their IP address bindings
* Domain name system host name
* IP addresses for up to three DNS name servers on the network
* Domain name for the Mail Proxy and whether you want to proxy an internal mail server or
  external mail server or both
* Server certificates if secure LDAP is to be used for schema extension
* Default gateway
* If you are installing VPN services, document the following:
  * Server certificate to be used for the VPN server
  * Trusted root certificate name
  * Trusted root object names
Installing Novell BorderManager 3.9


This section contains the following information:

* Section 2.1, “Prerequisites”
* Section 2.2, “Installation Procedure”


2.1 Prerequisites 


* If you are downloading the product from the Web, go to the Download Site
  (http://download.novell.com), download the zip file, then unzip it on a drive that is
  accessible from your server.
* Run INETCFG before you install Novell® BorderManager® 3.9.


2.2 Installation Procedure 


To install Novell BorderManager 3.9 on the server: 


1 Do one of the following:

* If you are downloading the product from the Web, unzip Novell BorderManager 3.9 on a
  drive that is accessible from your server.
* If you are using a product CD, mount the Novell BorderManager 3.9 CD on the server by
  entering CDROM at the server console.


2 On the server side, go to the X-Server Graphical Console. If the X-Server Graphical Console is
not loaded, enter STARTX at the server console.


If STARTX is already loaded, press Ctrl+Esc and select the option for X-Server Graphical
Console.


3 Click Novell, then select Install to display the list of currently installed products.


4 Click Add, then browse to the root of the Novell BorderManager 3.9 directory and select
product.ni, which is displayed in the right frame. Click OK.


5 Click OK. The Welcome page is displayed.


6 Click Next. The License agreement page is displayed.


7 Read the license agreement. If you accept the terms of the agreement, click I Accept. The
Novell BorderManager Services installation page is displayed.


8 Select the check boxes next to the services you want to install.


9 Select Trial License or shipping license from the Enter a License Location Path drop-down list.
Trial Licenses are selected by default. Trial and Shipping licenses are located in the licenses
directory at the root of the CD.


10 Click Next. The Minimum Requirements page is displayed.





[Screenshot: Minimum Requirements Check page of the Novell BorderManager Services Installation. A table lists Product, Installed Version, Minimum Requirement, and Result for NetWare, NICI, eDirectory, LDAP, Novell BorderManager, PKI, SAS, NETNLM32.NLM, TCP/IP Modules, and Novell iManager.]





The Minimum Requirements page displays the installed version as well as the minimum 
requirement version of the software. 

If any of the minimum requirements except TCP/IP modules or iManager 2.6 is not met, the 
installation stops. Meet the requirements according to the displayed table in the minimum 
requirements page and restart the installation. 

If the base requirements for the TCP/IP modules are not met, a warning is displayed. You can 
ignore the warning and install, but you need to copy the right TCP/IP modules later if you want 
to use VPN services. 

If iManager 2.6 is not installed, the plug-ins for Novell BorderManager Firewall Configuration, 
Novell BorderManager Proxy configuration, and Novell BorderManager VPN Configuration 
are not installed. If that is the case, install iManager 2.6 after Novell BorderManager 
installation to automatically install the Novell BorderManager Firewall Configuration and 
Novell BorderManager VPN Configuration plug-ins. 


11 If the minimum system requirements are met, click Next to proceed.


12 On the NDS Authentication page, specify your credentials to log in.


[Screenshot: NDS Authentication dialog box with User Name, User Password, Tree, and User Context fields and OK, Cancel, and Details buttons. The dialog states: "The user must be an Admin or Admin equivalent or a Trustee to the server context. With these rights you can extend the eDirectory schema."]








User Name: Specify either your fully distinguished name (FDN) or provide only the name. 
You must have administrative rights to the root of the eDirectory tree. This requirement applies 
to any user who is a trustee with Supervisor rights at a container at the same level as the server. 
Administrative rights are required to extend the eDirectory schema, install product licenses, 
and configure Novell BorderManager 3.9 for the first time. 


User Password: Specify your password. 
Tree: Specify the name of the tree. 


User Context: Specify the user context in the tree. You must specify this information if you 
have not entered your FDN in the User Name field. 


Click OK. 


13 If you are installing Novell BorderManager firewall/caching services or Novell
BorderManager VPN services, review the list of network interfaces and their IP bindings.


For firewall and caching services, you must specify a public IP address to secure the network 
border. Public IP addresses specify server interfaces to a public network, typically the Internet. 
Private IP addresses specify server interfaces to a private network or intranet. 


13a Select the Public or Private check box to specify a network interface as public, private, or 
both for proxy and firewall services. 


13b Specify the default gateway in the Default Gateway Field. 


13c By default, the Install iManager Snap-ins for Firewall check box is selected. Deselect the
check box if you do not want to install the iManager plug-ins.


14 Click Next. The Novell BorderManager Services Installation page is displayed.


15 Select the check boxes for the services that you want to enable. Filter exceptions for these 
services are created on the public interface. 








[Screenshot: Select Services And Set Filter Exceptions page of the Novell BorderManager Services Installation, with Enable check boxes for HTTP, FTP, Mail, News, DNS, HTTP Transparent, TELNET Transparent, VPN, and IP Packet Filtering, and a Description pane for the highlighted service.]








On a single interface machine, filter exceptions are created but the filters are not enabled. Filter 
exceptions corresponding to the selected services are created on the public interface. Filter 
exceptions are activated along with the filters if IP Packet Filtering is selected. IP packet 
filtering is not enabled if only one interface is available. If this is an upgrade, existing filters are 
preserved. Deny All Filters is not set on public interfaces. 


16 Click Next. 


17 (Optional) If you selected Mail, select either or both of the External/Internal check boxes in 
order to set appropriate filter exceptions, depending on whether you want to proxy internal mail 
servers, external mail servers, or both. Specify the name of one domain for the mail proxy. 


18 (Optional) NetWare provides the facility to create cache volumes automatically. If HTTP, FTP,
or HTTP Transparent is selected in the Select Services and Filter Exception page, click Create
Volume and provide the required details to create traditional volumes for caching. You can also
use existing traditional volumes for caching.





NOTE: If you do not create a volume or select a traditional volume for caching, the 
sys:\etc\proxy\cache directory is used. 





To create a new cache volume, see the Novell BorderManager 3.9 Troubleshooting Guide. 


19 The Access Control check box is enabled by default. We recommend that you accept the 
default. Access control enforces additional security by denying all proxy services traffic. 


Access control rules can be set using the iManager. Access rules are used to allow or deny 
access from any source or to any destination. This option comes up only if you selected Proxy 
Services on the previous page. 
20 Click Next to continue.


21 Specify a unique DNS domain name for your network in the DNS Domain Name field, then
click Next.


22 Click Add, then specify at least one or up to three DNS server IP addresses. By default, the
existing DNS entry is used.


Use the Up and Down buttons to change the order of IP addresses, if you have added two or more
IP addresses.


To delete a DNS server IP address, click Delete.


23 Click Next to continue.


24 By default the Install iManager Plug-Ins for VPN check box is selected. Deselect the box if
you do not want the plug-ins to be installed.


Click Next.


25 Click Finish if you are done, or click Back to return to previous pages and modify your
selections.


26 Do one of the following:
* Click Reboot for Novell BorderManager 3.9 services to come up.
* Click Close to complete the installation and return to the GUI screen.
* Click Readme to view the Readme.


The install summary is available in sys:\ni\data\nbm instlog.csv. The Readme is
available at the root of the CD under Documents/ReadMes/enu.
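
A pre-install check of the worksheet from Section 1.3 against the constraints the installer applies in the interface, service-selection, and DNS steps above. This is an added example, not part of the Novell guide or product: the Interface and Worksheet classes, check_worksheet, and the sample names and addresses are hypothetical, and the on-link gateway test is a general routing sanity check rather than a rule stated in the guide.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    binding: str          # IP address with prefix length, e.g. "192.0.2.10/24"
    public: bool = False
    private: bool = False

@dataclass
class Worksheet:
    interfaces: list
    default_gateway: str
    dns_servers: list
    services: set         # names as shown on the Select Services page
    vpn_server_cert: str = ""
    trusted_root: str = ""

def check_worksheet(ws):
    """Return (errors, warnings) for a planned installation."""
    errors, warnings, networks = [], [], []
    for nic in ws.interfaces:
        try:
            networks.append(ipaddress.ip_interface(nic.binding).network)
        except ValueError:
            errors.append(f"{nic.name}: invalid IP binding {nic.binding!r}")
    # The installer takes at least one and at most three DNS servers.
    if not 1 <= len(ws.dns_servers) <= 3:
        errors.append("list one to three DNS servers")
    for dns in ws.dns_servers:
        try:
            ipaddress.ip_address(dns)
        except ValueError:
            errors.append(f"invalid DNS server address {dns!r}")
    # Firewall and caching services need an interface marked public.
    if ws.services - {"VPN"} and not any(n.public for n in ws.interfaces):
        errors.append("firewall/caching selected but no public interface")
    # Assumption (general IP routing, not a rule from the guide): gateway is on-link.
    try:
        gateway = ipaddress.ip_address(ws.default_gateway)
        if not any(gateway in net for net in networks):
            errors.append("default gateway is not on any bound subnet")
    except ValueError:
        errors.append(f"invalid default gateway {ws.default_gateway!r}")
    # With one interface, filter exceptions are created but filters stay disabled.
    if "IP Packet Filtering" in ws.services and len(ws.interfaces) < 2:
        warnings.append("single interface: IP packet filtering will not be enabled")
    if "VPN" in ws.services and not (ws.vpn_server_cert and ws.trusted_root):
        errors.append("VPN selected: record server certificate and trusted root")
    return errors, warnings

# Constructed sample plans (documentation address ranges, made-up interface names).
TWO_NIC = Worksheet(
    [Interface("PUBLIC_1", "192.0.2.10/24", public=True),
     Interface("PRIVATE_1", "10.0.0.1/24", private=True)],
    "192.0.2.1", ["10.0.0.53"], {"HTTP", "IP Packet Filtering"})
ONE_NIC = Worksheet(
    [Interface("NIC_1", "10.0.0.1/24", public=True, private=True)],
    "10.0.1.1", ["10.0.0.53", "10.0.0.54", "10.0.0.55", "10.0.0.56"],
    {"HTTP", "VPN", "IP Packet Filtering"})
if __name__ == "__main__":
    for label, plan in (("two-NIC", TWO_NIC), ("one-NIC", ONE_NIC)):
        print(label, *check_worksheet(plan))
```

The single-interface warning is the one to act on before relying on the server as a border firewall: the exceptions exist after install, but no filtering is in force.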
Upgrading From Earlier Versions


To upgrade from Novell BorderManager 3.8 to Novell BorderManager 3.9, do the following:


1 Do one of the following:

* If you are downloading the product from the Web, unzip Novell BorderManager 3.9 on a
  drive that is accessible from your server.
* If you are using a product CD, mount the Novell BorderManager 3.9 CD on the server by
  entering CDROM at the server console.


2 On the server side, go to the X-Server Graphical Console. If the X-Server Graphical Console is
not loaded, enter STARTX at the server console.


If STARTX is already loaded, press Ctrl+Esc and select the option for X-Server Graphical
Console.


3 Click Novell, then select Install to display the list of currently installed products.


4 Click Add, then browse to the root of the Novell BorderManager 3.9 directory and select
product.ni, which is displayed in the right frame. Click OK.


5 Click OK. The Welcome page is displayed.


6 Click Next. The License agreement page is displayed.


7 Read the license agreement. If you accept the terms of the agreement, click I Accept. The
Novell BorderManager Services installation page is displayed.


8 Select the check boxes next to the services you want to install.


9 Select Trial License or shipping license from the Enter a License Location Path drop-down list.
Trial Licenses are selected by default. Trial and Shipping licenses are located in the licenses
directory at the root of the CD.


10 Click Next. The Minimum Requirements page is displayed.









[Screenshot: Minimum Requirements Check page of the Novell BorderManager Services Installation during an upgrade. A table lists Product, Installed Version, Minimum Requirement, and Result for NetWare, NICI, eDirectory, LDAP, Novell BorderManager, PKI, SAS, NETNLM32.NLM, TCP/IP Modules, and Novell iManager.]


The Minimum Requirements page displays the installed version as well as the minimum
requirement version of the software.

Meet the requirements according to the displayed table in the minimum requirements page and
restart the installation. Click Next to continue.


11 On the NDS Authentication page, specify your credentials to log in. 


[Screenshot: NDS Authentication dialog box with User Name, User Password, Tree, and User Context fields and OK, Cancel, and Details buttons. The dialog states: "The user must be an Admin or Admin equivalent or a Trustee to the server context. With these rights you can extend the eDirectory schema."]





User Name: Specify either your fully distinguished name (FDN) or provide only the name. 
You must have administrative rights to the root of the eDirectory tree. This requirement applies 
to any user who is a trustee with Supervisor rights at a container at the same level as the server. 
Administrative rights are required to extend the eDirectory schema, install product licenses, 
and configure Novell BorderManager 3.9 for the first time. 


User Password: Specify your password. 
Tree: Specify the name of the tree. 


User Context: Specify the user context in the tree. You must specify this information if you 
have not entered your FDN in the User Name field. 


12 Click OK to continue. 
13 You are prompted with the following dialog box: 


[Information dialog box: "The existing configuration will be preserved. Any future changes to
the configuration can be made by using iManager after completing this install. A version of
Novell BorderManager 3.8 already exists on this server. Please stop all running Novell
BorderManager services before proceeding further with the installation."]





Click OK to proceed. 


14 By default the Install iManager plug-ins for VPN check box is selected. Deselect the box if you 
do not want the plug-ins to be installed. 


Click Next. 
15 Click Finish if you are done, or click Back to return to previous pages and modify your
selections.


16 Do one of the following:
* Click Reboot for Novell BorderManager 3.9 services to come up.
* Click Close to complete the installation and return to the GUI screen.
* Click Readme to view the Readme.


The install summary is available in sys:\ni\data\nbm instlog.csv. The Readme is
available at the root of the CD under Documents/ReadMes/enu.








NOTE: Novell BorderManager 3.9 provides the option to recover from a failed install. The
Install program pops up an option after the authentication dialog box (Step 11). To
recover from a failed install, select the Fresh Install Option or select the Upgrade option.
Continuing with the Fresh Install option with a working Novell BorderManager 3.9 server may
give unexpected results, particularly with existing filter exceptions. After using this option,
review your iManager configuration and filter exceptions.